Ejemplo n.º 1
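        def wrapped_func(*args, **kwargs):
            """Authenticate the caller as admin or token holder, then call ``func``.

            Reads the ``x-admin`` and ``x-token`` request headers. When
            ``x-admin`` is present it takes precedence and ``x-token`` is not
            consulted. On success ``auth_user_id`` is injected into ``kwargs``:
            0 for the admin, otherwise the ``user_id`` of the matching token.
            Every failure returns a 401 ``api_message`` without calling ``func``.
            """
            decl_admin_password = request.headers.get("x-admin")
            decl_token = request.headers.get("x-token")

            if decl_admin_password is None and decl_token is None:
                return api_message(lang.auth_token_missing, 401)

            # Authenticate Admin
            if decl_admin_password is not None:
                # Fail closed: reject every falsy result (False, None, 0), not
                # only the literal False, so a helper that returns None on an
                # error path can never be read as a successful admin login.
                if not check_admin_password(decl_admin_password):
                    return api_message(lang.admin_password_invalid, 401)

                # NOTE(review): check_admin_password is not visible here;
                # confirm it compares in constant time (hmac.compare_digest).
                # 0 is the sentinel user id that downstream views treat as admin.
                kwargs["auth_user_id"] = 0

            # Authenticate User
            else:
                authtoken = cls.get_active_by_id(decl_token)
                if authtoken is None:
                    return api_message(lang.auth_token_invalid, 401)

                kwargs["auth_user_id"] = authtoken.user_id

                # Record token use; utcnow() yields a naive UTC timestamp.
                authtoken.last_used = datetime.utcnow()
                db.session.commit()

            return func(*args, **kwargs)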
Ejemplo n.º 2
def todolist_by_id(todolist_id, auth_user_id):
    """Read, update or delete one to-do list on behalf of ``auth_user_id``.

    The list is looked up with both the caller's id and the list id, and a
    missing result is answered with 404. GET returns the serialised list,
    PATCH validates the parsed JSON body and applies it, DELETE detaches the
    list's to-dos and removes the list. Any other HTTP method falls through
    and returns ``None``.
    """
    owned_list = ToDoList.get_by_id_for_user(auth_user_id, todolist_id)
    # NOTE(review): presumably this lookup is scoped to the owner, which is
    # what keeps one user from reaching another user's list; confirm in the
    # model.
    if owned_list is None:
        return api_message(lang.not_found, 404)

    method = request.method

    if method == "GET":
        return jsonify(ToDoListSchema().dump(owned_list))

    if method == "PATCH":
        # user_id is excluded from the load schema, so it is not accepted as
        # an updatable field here.
        try:
            changes = ToDoListSchema(exclude=["user_id"]).load(g.parsed_json)
        except ValidationError as err:
            return api_message(err.messages, 400)

        owned_list.update(changes)
        return jsonify(ToDoListSchema().dump(owned_list))

    if method == "DELETE":
        # Detach the to-dos first without committing; the final delete
        # commits everything together.
        for item in ToDo.get_by_list_id(owned_list.id):
            item.update({"list_id": None}, commit=False)
        owned_list.delete(commit=True)
        return api_message(lang.deletion_successful, 200)
Ejemplo n.º 3
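        def wrapped_func(*args, **kwargs):
            """Require a valid admin password in ``x-admin`` before calling ``func``.

            Returns a 401 ``api_message`` when the header is absent or when
            the password check does not succeed; otherwise forwards the
            original arguments to ``func`` unchanged.
            """
            decl_admin_password = request.headers.get("x-admin")
            if decl_admin_password is None:
                return api_message(lang.admin_password_missing, 401)

            # Fail closed: reject every falsy result (False, None, 0), not only
            # the literal False, so a helper that returns None on an error path
            # can never be read as a successful admin login.
            # NOTE(review): check_admin_password is not visible here; confirm
            # it compares in constant time (hmac.compare_digest).
            if not check_admin_password(decl_admin_password):
                return api_message(lang.admin_password_invalid, 401)

            return func(*args, **kwargs)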
Ejemplo n.º 4
        def wrapped_func(*args, **kwargs):
            """Require an active token in ``x-token`` before calling ``func``.

            Returns a 401 ``api_message`` when the header is absent or no
            active token matches it. On success the token owner's id is passed
            to ``func`` as ``auth_user_id`` and the token's ``last_used`` is
            refreshed and committed.
            """
            presented_token = request.headers.get("x-token")
            if presented_token is None:
                return api_message(lang.auth_token_missing, 401)

            # The header value is used directly as the lookup key, so the
            # token id itself is the bearer secret.
            # NOTE(review): confirm token ids come from a CSPRNG.
            token_row = cls.get_active_by_id(presented_token)
            if token_row is None:
                return api_message(lang.auth_token_invalid, 401)

            kwargs["auth_user_id"] = token_row.user_id

            # Record token use; utcnow() yields a naive UTC timestamp.
            token_row.last_used = datetime.utcnow()
            db.session.commit()

            return func(*args, **kwargs)
Ejemplo n.º 5
def user():
    """Create a user from the parsed JSON body and return it with status 201.

    Answers 400 when the body fails ``UserSchema`` validation or when the
    username is already taken.
    """
    schema = UserSchema()

    try:
        payload = schema.load(g.parsed_json)
    except ValidationError as err:
        return api_message(err.messages, 400)

    # NOTE(review): check-then-create is not atomic; a unique constraint on
    # the username column is what actually prevents duplicates. Confirm one
    # exists.
    if User.get_by_username(payload["username"]) is not None:
        return api_message(lang.duplicate_user, 400)

    # One system-wide salt is read from System and used for every account.
    # NOTE(review): confirm User also applies a per-user salt or a password
    # KDF; a shared salt alone gives identical passwords identical hashes.
    salt = System.get("password_salt").value
    created = User(
        payload["username"],
        payload["password"],
        salt,
        payload["config"],
    )

    # NOTE(review): the new user is serialised with the same schema that
    # accepted the password; confirm the password field is load-only.
    return jsonify(schema.dump(created)), 201
Ejemplo n.º 6
def auth():
    """Exchange a username and password for a new auth token.

    Answers 400 when the body fails ``UserSchema`` validation and 401 when
    the credentials do not authenticate. Expired tokens are purged before
    the new token is created and returned.
    """
    try:
        credentials = UserSchema().load(g.parsed_json)
    except ValidationError as err:
        return api_message(err.messages, 400)

    # The same system-wide salt used at registration is passed to the check.
    salt = System.get("password_salt").value
    account = User.authenticate(
        credentials["username"],
        credentials["password"],
        salt,
    )
    # A single 401 message covers both unknown user and wrong password.
    # NOTE(review): no attempt limiting is visible in this view; confirm
    # throttling or lockout is enforced elsewhere.
    if account is None:
        return api_message(lang.credentials_invalid, 401)

    # Housekeeping: drop expired tokens on every successful login.
    AuthToken.delete_expired()

    issued = AuthToken(account.id)
    return jsonify(AuthTokenSchema().dump(issued))
Ejemplo n.º 7
def user_by_id(user_id, auth_user_id):
    """Read, update or delete one user, restricted to that user or the admin.

    An ``auth_user_id`` of 0 denotes an authorised admin. A caller asking for
    another user's record gets the same 404 as for a record that does not
    exist, so the response does not reveal which ids are in use. GET returns
    the serialised user, PATCH applies a partial update, DELETE removes the
    user's to-dos (with their subtasks), to-do lists and the user. Any other
    HTTP method falls through and returns ``None``.
    """
    if auth_user_id != 0 and user_id != auth_user_id:
        return api_message(lang.not_found, 404)

    account = User.get_by_id(user_id)
    if account is None:
        return api_message(lang.not_found, 404)

    method = request.method

    if method == "GET":
        return jsonify(UserSchema().dump(account))

    if method == "PATCH":
        try:
            changes = UserSchema().load(g.parsed_json, partial=True)
        except ValidationError as err:
            return api_message(err.messages, 400)

        # NOTE(review): every field UserSchema accepts can be changed here,
        # and no duplicate-username check runs on this path. Confirm that
        # update() hashes a new password and that uniqueness is enforced by
        # the model.
        account.update(changes)
        return jsonify(UserSchema().dump(account))

    if method == "DELETE":
        # Children are deleted without committing; the final user delete
        # commits the whole cascade together.
        for task in ToDo.get_multiple_for_user(user_id):
            for child in ToDo.get_by_parent_id(task.id):
                child.delete(commit=False)
            task.delete(commit=False)

        for owned_list in ToDoList.get_all_for_user(user_id):
            owned_list.delete(commit=False)

        account.delete(commit=True)

        return api_message(lang.deletion_successful, 200)
Ejemplo n.º 8
def todolist(auth_user_id):
    """List the caller's to-do lists (GET) or create a new one (POST).

    POST validates the parsed JSON body and answers 400 on failure, otherwise
    201 with the created list. Any other HTTP method falls through and
    returns ``None``.
    """
    method = request.method

    if method == "GET":
        serialised = []
        for owned_list in ToDoList.get_all_for_user(auth_user_id):
            serialised.append(ToDoListSchema().dump(owned_list))
        return jsonify(serialised)

    if method == "POST":
        # user_id is excluded from the load schema; the owner is taken from
        # the authenticated caller, never from the request body.
        try:
            payload = ToDoListSchema(exclude=["user_id"]).load(g.parsed_json)
        except ValidationError as err:
            return api_message(err.messages, 400)

        created = ToDoList(auth_user_id, payload["name"])
        return jsonify(ToDoListSchema().dump(created)), 201